MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbc0a7782e9c3dfcb83436ae6240bad15f49977438f8896a68babd4c3a3beebd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: fbc0a7782e9c3dfcb83436ae6240bad15f49977438f8896a68babd4c3a3beebd
SHA3-384 hash: b496d20a06dc6f00f33ef27d8a7d348cf0e97da661240d2dc530cb5dd950974ea625ad4ec27461ea32036278b5cddd0c
SHA1 hash: 04fa4ef4cf0775e8a43cfadf675a33f638e9ca76
MD5 hash: 06eaf3428f6a5e8d45c44163671b7d8c
humanhash: nebraska-high-summer-kilo
File name: New Order.gz
Signature: Loki
File size: 346'028 bytes
First seen: 2020-10-21 08:50:48 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:iH/YkBggoeb6Yn3/y8vvwJ5nUePkOvLYaISMeIls301NDvgD/s1+DOM1TDuEt1vC:iHlBdDb6Y3/PvvwTzZvMaaJK01NzgDUP
TLSH: E17423505A72B0C79A4C1C324A7064B2DAF44AB8DF2D5D4F7293E83A6F3BD1051E3A79
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: lucky-pro.com
Sending IP: 156.96.154.223
From: Karen Arafol <luyunbo@lucky-pro.com>
Subject: RE: Our new order P.O(01-20 CH) 2020--TM20239
Attachment: New Order.gz (contains "New Order.exe")

Loki C2:
http://jlk-comercial.com/wp-includes/five/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-10-21 07:34:26 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz fbc0a7782e9c3dfcb83436ae6240bad15f49977438f8896a68babd4c3a3beebd

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
